CVE - CVE-2011-2522

CVE-ID
CVE-2011-2522	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:48899 URL:http://www.securityfocus.com/bid/48899 CONFIRM:http://samba.org/samba/history/samba-3.5.10.html CONFIRM:http://www.samba.org/samba/security/CVE-2011-2522 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=721348 CONFIRM:https://bugzilla.samba.org/show_bug.cgi?id=8290 DEBIAN:DSA-2290 URL:http://www.debian.org/security/2011/dsa-2290 EXPLOIT-DB:17577 URL:http://www.exploit-db.com/exploits/17577 HP:HPSBNS02701 URL:http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543 HP:HPSBUX02768 URL:http://marc.info/?l=bugtraq&m=133527864025056&w=2 HP:SSRT100598 URL:http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543 HP:SSRT100664 URL:http://marc.info/?l=bugtraq&m=133527864025056&w=2 JVN:JVN#29529126 URL:http://jvn.jp/en/jp/JVN29529126/index.html MANDRIVA:MDVSA-2011:121 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:121~~ (Obsolete source) OSVDB:74071 URL:~~http://osvdb.org/74071~~ (Obsolete source) SECTRACK:1025852 URL:http://securitytracker.com/id?1025852 SECUNIA:45393 URL:http://secunia.com/advisories/45393 SECUNIA:45488 URL:http://secunia.com/advisories/45488 SECUNIA:45496 URL:http://secunia.com/advisories/45496 SREASON:8317 URL:http://securityreason.com/securityalert/8317 UBUNTU:USN-1182-1 URL:http://ubuntu.com/usn/usn-1182-1 XF:samba-swat-csrf(68843) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/68843
Assigning CNA
Red Hat, Inc.
Date Record Created
20110615	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110615)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)